
Payload:
Large scale e-mailing: Sends email messages using its own SMTP engine
Causes system instability: Sends data to fethard.biz and fethard-finance.com in an attempt to perform a Denial Of Service
Distribution

Subject of email: don't be late! [random string of letters]
Name of attachment: readnow.zip
Size of attachment: 10,912

When W32.Mimail.D@mm is executed, it does the following:

Copies itself as %Windir%\cnfrm.exe.

--------------------------------------------------------------------------------
Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
--------------------------------------------------------------------------------

Adds the value:

"Cnfrm" = "%Windir%\cnfrm.exe"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

AKA and Variants

W32/Mimail@mm [McAfee] W32.Mimail.A@mm, W32.Mimail.C@mm

BTW: I think I have unwittingly classified this Worm as Spam on my mail system.. .. and have manually deleted the crud from the ISP's Server..

"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

Oh no! A virii! Wait.... *looks at Boxes* Oh, they're all *NIX except for one that isn't even on... *wipes forehead* Whew! That was close! Glad that's over!

lol, Yeah I had too. This is just getting pathetic, is there some virii competition going on that I was not informed of? Seems to be a new one every week. And anything that makes Windows crash like these......Is usually installed by default Buahahahahaha.
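
A mail-gateway check built from the e-mail indicators in the advisory quoted in the first post (subject, attachment name, attachment size), added here as an example and not part of the thread or of any vendor's tooling. The function names and sample messages are constructed, and reading "10,912" as a byte count is an assumption.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the advisory text: fixed subject prefix plus random letters.
SUBJECT_RE = re.compile(r"^don't be late!(\s+[a-z]+)?\s*$", re.IGNORECASE)
ATTACHMENT_NAME = "readnow.zip"
ATTACHMENT_SIZE = 10912  # assumption: the advisory's "10,912" is a byte count


def mimail_d_indicators(raw: bytes) -> list[str]:
    """Return which advisory indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT_NAME:
            continue
        hits.append("attachment-name")
        # decode=True undoes the base64 transfer encoding before measuring.
        payload = part.get_payload(decode=True) or b""
        if len(payload) == ATTACHMENT_SIZE:
            hits.append("attachment-size")
    return hits


def should_quarantine(raw: bytes) -> bool:
    """Require the attachment name plus one corroborating indicator,
    so a harmless file that merely shares the name is not held."""
    hits = mimail_d_indicators(raw)
    return "attachment-name" in hits and len(hits) >= 2


def build_sample(subject: str, filename: str, size: int) -> bytes:
    """Constructed test message; the payload is filler, not a real archive."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "rcpt@example.com"
    m["Subject"] = subject
    m.set_content("body")
    m.add_attachment(b"\x00" * size, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_bytes()
```
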